Win Run Aliases

Today I was looking for a simple and efficient way to add aliases to the Windows Run dialog box (the one you can open using Win+R). Turns out my preferred way to do so is editing the registry, adding a key whose name ends with .exe under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths. The key's Default value is the exe you want to run; you can also add a string value named Path to the key to specify the path where you want to run your alias. ...

20 March 2019 · 1 min · 123 words · Jacopo Scannella

Public Service Announcement: the server is gone

Unfortunately my m8 forgot to renew our micro-dedicated server. We got that as a Black Friday deal. ATM we can’t really afford to take another one, thus I will rely on GitHub. End of transmission

28 January 2019 · 1 min · 35 words · Jacopo Scannella

Owning Indian scammers

A couple of months ago, while I was watching a KitBoga livestream, he leaked the address of a fake tech-support website built with WordPress. The now dead site was “password protected” by the Hide My Site plugin. Thus I decided to take a look at the source code and try to own the shit out of the scammers.

Target aesthetics

A quick look through the code

I downloaded the source code and started analyzing index.php. After about 5 minutes I got to the important part:

    <?php
    public function verify_login(){
        //a password was entered. first let's confirm the user isn't blocked...
        if ((isset($_POST['hwsp_motech']))) {
            $this->security->track_ip();
        }

        do_action( 'hidemy_beforeverify', $this ); #use this hook to add additional logic before verifying password entry

        //set access cookie if password is correct
        if ((isset($_POST['hwsp_motech'])
            AND ($this->security->needs_to_wait != 1)
            AND ($_POST['hwsp_motech'] != ""))
            AND ((!empty($this->verifyother))
                or ($_POST['hwsp_motech'] == get_option($this->plugin_slug.'_password')) )) {
            setcookie($this->get_cookie2_name(), 1, $this->get_cookie_duration(), '/');
            $cookie_just_set = 1;
            $this->cookie_just_set = 1;
            $this->security->remove_ip();
            $this->attempt_status = "accepted";
            do_action( 'hidemy_loginattempted', $this ); #use this hook to take an action upon login acceptance...
        } //if

        //failother is true and default cookie was not just set, or no cookie is set AND cookie was not just set
        //AND there is no admin bypass and this is not hmspreview
        //then show the login page
        if( (isset($_GET['hmspreview']) && ($_GET['hmspreview'] == 'true')) or
            (
                (
                    ( (!empty($this->failother)) AND ($this->failother) AND (empty($cookie_just_set)) )
                    or
                    ( (empty($_COOKIE[$this->get_cookie2_name()])) AND (empty($cookie_just_set)) )
                )
                AND
                ( ($this->no_admin_bypass()) AND (!(isset($_GET['hmspreview']) && ($_GET['hmspreview'] == 'true'))) )
                AND
                (empty($this->open_to_public))
            )
        ) {
            ...

...

29 September 2018 · 3 min · 615 words · Jacopo Scannella

ipset and Cloudflare

While setting up the server for this blog I ran into the problem of whitelisting Cloudflare’s IP ranges in iptables. After a quick search I realized a smart and efficient way to do this is using ipset. Thus I created a script to download the latest Cloudflare IPv4 ranges and create an ipset list out of them.

ipset-cloudflare.sh

    #!/bin/bash
    # Created by antipatico (antipatico.ml)
    # Download the latest Cloudflare IPv4 ranges and create an ipset
    # named "cloudflare" you can later use in your iptables rules.

    IPSV4=$(mktemp)

    # Abort before touching the existing set if the download fails.
    if ! wget --quiet -O "$IPSV4" https://www.cloudflare.com/ips-v4; then
        rm -f "$IPSV4"
        exit 1
    fi

    ipset destroy cloudflare
    ipset create cloudflare hash:net

    while read -r range; do
        ipset add cloudflare "$range"
    done < "$IPSV4"

    rm "$IPSV4"
    ipset list cloudflare
    exit 0

After running it you can use it in your iptables rules like this ...

9 September 2018 · 1 min · 146 words · Jacopo Scannella

My take on GoHugo and Github.io mirroring

Over the past few days I worked on setting up a mirror for this blog on github.io; in this post I’ll explain how I set it up.

Repository everything

Log in to your github.com account and create these repositories:

- yourwebsite.com: this will contain your whole hugo directory, including the config.toml file with the domain yourwebsite.com.
- yourgithubname.github.io: this will be the mirror itself; it will be the public/ directory inside your hugo dir, generated with the github.io domain inside the config.toml.
- yourhugotheme: your theme folder in themes/; you can fork it if you’re using a theme made by someone else :).

Note ...

6 September 2018 · 3 min · 489 words · Jacopo Scannella